ENGCOM-5295: #486 added customer account validation in Quote operations #714

 - Merge Pull Request magento/graphql-ce#714 from vovsky/graphql-ce:486-add-customer-account-validation-in-quote-operations
 - Merged commits:
   1. f91224e
   2. 65c6327
   3. 0a68474
   4. a8ea439
   5. d983e25
   6. 7fc5494
   7. 0890aa8

Author: magento-engcom-team

app/code/Magento/CustomerGraphQl/Model/Context/AddUserInfoToContext.php

@@ -39,14 +39,27 @@ public function execute(ContextParametersInterface $contextParameters): ContextP
         if (null !== $currentUserId) {
             $currentUserId = (int)$currentUserId;
         }
+        $contextParameters->setUserId($currentUserId);
 
         $currentUserType = $this->userContext->getUserType();
         if (null !== $currentUserType) {
             $currentUserType = (int)$currentUserType;
         }
-
-        $contextParameters->setUserId($currentUserId);
         $contextParameters->setUserType($currentUserType);
+
+        $contextParameters->addExtensionAttribute('is_customer', $this->isCustomer($currentUserId, $currentUserType));
         return $contextParameters;
     }
+
+    /**
+     * Checking if current user is logged
+     *
+     * @param int|null $customerId
+     * @param int|null $customerType
+     * @return bool
+     */
+    private function isCustomer(?int $customerId, ?int $customerType): bool
+    {
+        return !empty($customerId) && !empty($customerType) && $customerType !== UserContextInterface::USER_TYPE_GUEST;
+    }
 }

app/code/Magento/CustomerGraphQl/Model/Customer/GetCustomer.php

@@ -7,7 +7,6 @@
 
 namespace Magento\CustomerGraphQl\Model\Customer;
 
-use Magento\Authorization\Model\UserContextInterface;
 use Magento\Customer\Api\AccountManagementInterface;
 use Magento\Customer\Api\CustomerRepositoryInterface;
 use Magento\Customer\Api\Data\CustomerInterface;
@@ -18,7 +17,7 @@
 use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException;
-use Magento\Framework\GraphQl\Query\Resolver\ContextInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Get customer
@@ -68,11 +67,6 @@ public function __construct(
     public function execute(ContextInterface $context): CustomerInterface
     {
         $currentUserId = $context->getUserId();
-        $currentUserType = $context->getUserType();
-
-        if (true === $this->isUserGuest($currentUserId, $currentUserType)) {
-            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
-        }
 
         try {
             $customer = $this->customerRepository->getById($currentUserId);
@@ -100,19 +94,4 @@ public function execute(ContextInterface $context): CustomerInterface
         }
         return $customer;
     }
-
-    /**
-     * Checking if current customer is guest
-     *
-     * @param int|null $customerId
-     * @param int|null $customerType
-     * @return bool
-     */
-    private function isUserGuest(?int $customerId, ?int $customerType): bool
-    {
-        if (null === $customerId || null === $customerType) {
-            return true;
-        }
-        return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST;
-    }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/ChangePassword.php

@@ -13,9 +13,11 @@
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Change customer password resolver
@@ -70,6 +72,11 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
+
         if (!isset($args['currentPassword']) || '' == trim($args['currentPassword'])) {
             throw new GraphQlInputException(__('Specify the "currentPassword" value.'));
         }
@@ -78,16 +85,16 @@ public function resolve(
             throw new GraphQlInputException(__('Specify the "newPassword" value.'));
         }
 
-        $customer = $this->getCustomer->execute($context);
-        $customerId = (int)$customer->getId();
-
+        $customerId = $context->getUserId();
         $this->checkCustomerPassword->execute($args['currentPassword'], $customerId);
 
         try {
             $this->accountManagement->changePasswordById($customerId, $args['currentPassword'], $args['newPassword']);
         } catch (LocalizedException $e) {
             throw new GraphQlInputException(__($e->getMessage()), $e);
         }
+
+        $customer = $this->getCustomer->execute($context);
         return $this->extractCustomerData->execute($customer);
     }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/CreateCustomerAddress.php

@@ -9,22 +9,18 @@
 
 use Magento\CustomerGraphQl\Model\Customer\Address\CreateCustomerAddress as CreateCustomerAddressModel;
 use Magento\CustomerGraphQl\Model\Customer\Address\ExtractCustomerAddressData;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers address create, used for GraphQL request processing
  */
 class CreateCustomerAddress implements ResolverInterface
 {
-    /**
-     * @var GetCustomer
-     */
-    private $getCustomer;
-
     /**
      * @var CreateCustomerAddressModel
      */
@@ -36,16 +32,13 @@ class CreateCustomerAddress implements ResolverInterface
     private $extractCustomerAddressData;
 
     /**
-     * @param GetCustomer $getCustomer
      * @param CreateCustomerAddressModel $createCustomerAddress
      * @param ExtractCustomerAddressData $extractCustomerAddressData
      */
     public function __construct(
-        GetCustomer $getCustomer,
         CreateCustomerAddressModel $createCustomerAddress,
         ExtractCustomerAddressData $extractCustomerAddressData
     ) {
-        $this->getCustomer = $getCustomer;
         $this->createCustomerAddress = $createCustomerAddress;
         $this->extractCustomerAddressData = $extractCustomerAddressData;
     }
@@ -60,13 +53,16 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
+
         if (!isset($args['input']) || !is_array($args['input']) || empty($args['input'])) {
             throw new GraphQlInputException(__('"input" value should be specified'));
         }
 
-        $customer = $this->getCustomer->execute($context);
-
-        $address = $this->createCustomerAddress->execute((int)$customer->getId(), $args['input']);
+        $address = $this->createCustomerAddress->execute($context->getUserId(), $args['input']);
         return $this->extractCustomerAddressData->execute($address);
     }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/Customer.php

@@ -8,10 +8,12 @@
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\CustomerGraphQl\Model\Customer\ExtractCustomerData;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers field resolver, used for GraphQL request processing.
@@ -50,8 +52,12 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
-        $customer = $this->getCustomer->execute($context);
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
 
+        $customer = $this->getCustomer->execute($context);
         return $this->extractCustomerData->execute($customer);
     }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/CustomerAddresses.php

@@ -8,7 +8,6 @@
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
 use Magento\Customer\Model\Customer;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
@@ -20,25 +19,17 @@
  */
 class CustomerAddresses implements ResolverInterface
 {
-    /**
-     * @var GetCustomer
-     */
-    private $getCustomer;
-
     /**
      * @var ExtractCustomerAddressData
      */
     private $extractCustomerAddressData;
 
     /**
-     * @param GetCustomer $getCustomer
      * @param ExtractCustomerAddressData $extractCustomerAddressData
      */
     public function __construct(
-        GetCustomer $getCustomer,
         ExtractCustomerAddressData $extractCustomerAddressData
     ) {
-        $this->getCustomer = $getCustomer;
         $this->extractCustomerAddressData = $extractCustomerAddressData;
     }
 

app/code/Magento/CustomerGraphQl/Model/Resolver/DeleteCustomerAddress.php

@@ -9,22 +9,18 @@
 
 use Magento\CustomerGraphQl\Model\Customer\Address\DeleteCustomerAddress as DeleteCustomerAddressModel;
 use Magento\CustomerGraphQl\Model\Customer\Address\GetCustomerAddress;
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Customers address delete, used for GraphQL request processing.
  */
 class DeleteCustomerAddress implements ResolverInterface
 {
-    /**
-     * @var GetCustomer
-     */
-    private $getCustomer;
-
     /**
      * @var GetCustomerAddress
      */
@@ -36,16 +32,13 @@ class DeleteCustomerAddress implements ResolverInterface
     private $deleteCustomerAddress;
 
     /**
-     * @param GetCustomer $getCustomer
      * @param GetCustomerAddress $getCustomerAddress
      * @param DeleteCustomerAddressModel $deleteCustomerAddress
      */
     public function __construct(
-        GetCustomer $getCustomer,
         GetCustomerAddress $getCustomerAddress,
         DeleteCustomerAddressModel $deleteCustomerAddress
     ) {
-        $this->getCustomer = $getCustomer;
         $this->getCustomerAddress = $getCustomerAddress;
         $this->deleteCustomerAddress = $deleteCustomerAddress;
     }
@@ -60,13 +53,16 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
+
         if (!isset($args['id']) || empty($args['id'])) {
             throw new GraphQlInputException(__('Address "id" value should be specified'));
         }
 
-        $customer = $this->getCustomer->execute($context);
-        $address = $this->getCustomerAddress->execute((int)$args['id'], (int)$customer->getId());
-
+        $address = $this->getCustomerAddress->execute((int)$args['id'], $context->getUserId());
         $this->deleteCustomerAddress->execute($address);
         return true;
     }

app/code/Magento/CustomerGraphQl/Model/Resolver/RevokeCustomerToken.php

@@ -7,36 +7,29 @@
 
 namespace Magento\CustomerGraphQl\Model\Resolver;
 
-use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\Framework\GraphQl\Config\Element\Field;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
 
 /**
  * Customers Revoke Token resolver, used for GraphQL request processing.
  */
 class RevokeCustomerToken implements ResolverInterface
 {
-    /**
-     * @var GetCustomer
-     */
-    private $getCustomer;
-
     /**
      * @var CustomerTokenServiceInterface
      */
     private $customerTokenService;
 
     /**
-     * @param GetCustomer $getCustomer
      * @param CustomerTokenServiceInterface $customerTokenService
      */
     public function __construct(
-        GetCustomer $getCustomer,
         CustomerTokenServiceInterface $customerTokenService
     ) {
-        $this->getCustomer = $getCustomer;
         $this->customerTokenService = $customerTokenService;
     }
 
@@ -50,8 +43,11 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
-        $customer = $this->getCustomer->execute($context);
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
 
-        return ['result' => $this->customerTokenService->revokeCustomerAccessToken((int)$customer->getId())];
+        return ['result' => $this->customerTokenService->revokeCustomerAccessToken($context->getUserId())];
     }
 }

app/code/Magento/CustomerGraphQl/Model/Resolver/UpdateCustomer.php

@@ -9,11 +9,13 @@
 
 use Magento\CustomerGraphQl\Model\Customer\GetCustomer;
 use Magento\CustomerGraphQl\Model\Customer\UpdateCustomerAccount;
+use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\CustomerGraphQl\Model\Customer\ExtractCustomerData;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
+use Magento\GraphQl\Model\Query\ContextInterface;
 
 /**
  * Update customer data resolver
@@ -60,6 +62,11 @@ public function resolve(
         array $value = null,
         array $args = null
     ) {
+        /** @var ContextInterface $context */
+        if (false === $context->getExtensionAttributes()->getIsCustomer()) {
+            throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
+        }
+
         if (!isset($args['input']) || !is_array($args['input']) || empty($args['input'])) {
             throw new GraphQlInputException(__('"input" value should be specified'));
         }